Privacy Policy
You can use the following Section in your Privacy Policy to disclose the use of Malloc Security SDK in your mobile app.
Privacy and Security Policy: Malloc Security SDK Integration
Company Name ("we", "our", or "us") integrates the Malloc Security SDK provided by Malloc Limited (Cyprus) to enhance app security and provided functionality.
1. Purpose
The SDK enables:
- Malware/spyware scanning (on-device detection)
- Root/jailbroken device detection (on-device detection)
- Apps and Files malware detection (SHA classification)
- URL/IP reputation checks (domain-level threat analysis)
2. Data Processing
| Data Type | Processing Method | Retention |
|---|---|---|
| Device info | Anonymized locally | Not stored |
| App metadata | On-device scan and via* *Malloc API | 30 days* |
| URL/IP data | Domain checks via* *Malloc API | 30 days* |
| Device ID | Hashed for analytics | 30 days* |
*Pseudonymized/hashed data
Key Notes:
✔️ Scans occur on-device (no personal data transmitted)
✔️ Only domain-level data and SHA of files is sent (no full URLs/credentials, or complete apps)
✔️ Device ID used only for SDK metrics
3. Legal Basis (GDPR)
- Article 6(1)(b): Necessary for app functionality
- Article 6(1)(f): Legitimate security interest
4. User Controls
- Disable scans:
Settings > Security - Clear scan history:
Settings > Privacy - Data deletion requests:
privacy@company.com
5. Third Parties
- Malloc acts as GDPR processor & CCPA subprocessor
- No data sold or used for advertising
6. App Store Disclosure
"[App] uses Malloc SDK for security scans and to enhance the provided security functionality. All processing is local; only anonymized domain data is shared. No personal data collected/sold. [Learn more]"
7. Compliance
- Included in GDPR Article 30 records
- CCPA "Do Not Sell" link provided
- Updated platform data safety forms
8. Version Control
| Version | Date | Changes |
|---|---|---|
| 1.0 | YYYY-MM-DD | Initial implementation |
Contact:
📧 privacy@company.com
🏢 Company Address